Privacy Act of 1974; System of Records, 39095-39096 [2018-16935]

Download as PDF
sradovich on DSK3GMQ082PROD with NOTICES
Federal Register / Vol. 83, No. 153 / Wednesday, August 8, 2018 / Notices
Transitions, 23 hours; Regulatory
Capital Instruments, 54 hours;
Operational Risk, 50 hours; MSR
Valuation, 23 hours; Supplemental, 4
hours; Retail FVO/HFS, 15 hours;
Counterparty, 514 hours; and Balances,
16 hours. FR Y–14M: 1st Lien Mortgage,
516 hours; Home Equity, 516 hours; and
Credit Card, 512 hours. FR Y–14 Ongoing Automation Revisions, 480 hours.
FR Y–14 Attestation On-going Audit
and Review, 2,560 hours.
General description of report: These
collections of information are applicable
to top-tier BHCs with total consolidated
assets of $100 billion or more and U.S.
IHCs. This family of information
collections is composed of the following
three reports:
• The FR Y–14A collects quantitative
projections of balance sheet, income,
losses, and capital across a range of
macroeconomic scenarios and
qualitative information on
methodologies used to develop internal
projections of capital across scenarios
either annually or semi-annually.
• The quarterly FR Y–14Q collects
granular data on various asset classes,
including loans, securities, and trading
assets, and PPNR for the reporting
period.
• The monthly FR Y–14M is
comprised of three retail portfolio- and
loan-level schedules, and one detailed
address-matching schedule to
supplement two of the portfolio and
loan-level schedules.
The data collected through the FR
Y–14A/Q/M reports provide the Board
with the information and perspective
needed to help ensure that large firms
have strong, firm-wide risk
measurement and management
processes supporting their internal
assessments of capital adequacy and
that their capital resources are sufficient
given their business focus, activities,
and resulting risk exposures. The
annual Comprehensive Capital Analysis
and Review (CCAR) exercise
complements other Board supervisory
efforts aimed at enhancing the
continued viability of large firms,
including continuous monitoring of
firms’ planning and management of
liquidity and funding resources, as well
as regular assessments of credit, market
and operational risks, and associated
risk management practices. Information
gathered in this data collection is also
used in the supervision and regulation
of these financial institutions. To fully
evaluate the data submissions, the
Board may conduct follow-up
discussions with, or request responses
to follow up questions from,
respondents. Respondent firms are
currently required to complete and
VerDate Sep<11>2014
22:37 Aug 07, 2018
Jkt 244001
submit up to 18 filings each year: two
semi-annual FR Y–14A filings, four
quarterly FR Y–14Q filings, and 12
monthly FR Y–14M filings. Compliance
with the information collection is
mandatory.
Proposed revisions: In December
2017, the Board approved modifications
to the FR Y–14 series of reports and a
notice was published in the Federal
Register (December 15, 2017; 82 FR
59608). The proposal modified the FR
Y–14Q, Schedule L (Counterparty)
effective as of the March 31, 2018,
report date. These changes included
simplifying the ranking methodology
required for reporting positions and
combining the previously separate
collections of counterparties as ranked
by derivatives and securities financing
transactions (SFTs), respectively.
Following the finalization and adoption
of these proposed changes, the Board
became aware of unintended omissions
from the report forms and instructions
for the FR Y–14Q. The omitted items
required respondents to report their
total stressed net current exposure
under the two supervisory stressed
scenarios.
To rectify the unintended changes,
the Board is proposing to revise subschedule L.5 (Derivatives and SFT
Profile) on the FR Y–14Q by adding the
mistakenly omitted items. This
modification would allow continued
operationalization of supervisory
modeling, and would provide for total
stressed net current exposure reporting
under the two supervisory stressed
scenarios.
With the addition of the total stressed
net current exposure item, the
instructions would be changed to
modify the associated ranking
methodologies for the yearly stressed/
CCAR submission in sub-schedule L.5
to require the top 25 counterparties to
be reported as ranked by the total
stressed net current exposure. This
modification would ensure that top
counterparties are properly rankordered by the total stressed net current
exposure to be added on sub-schedule
L.5 in a manner that captures both
derivative and securities financing
transaction exposures.
The proposed revisions do not result
in a change to the estimated burden for
this series of reports, as the burden from
the proposed revisions is already
captured in the burden estimates
associated with the FR Y–14Q report.
PO 00000
Frm 00055
Fmt 4703
Sfmt 4703
39095
Board of Governors of the Federal Reserve
System, August 2, 2018.
Michele Taylor Fennell,
Assistant Secretary of the Board.
[FR Doc. 2018–16917 Filed 8–7–18; 8:45 am]
BILLING CODE 6210–01–P
FEDERAL TRADE COMMISSION
Privacy Act of 1974; System of
Records
AGENCY:
Federal Trade Commission
(FTC).
ACTION:
Notice of modified systems of
records.
The FTC is publishing in final
form a modification to all FTC Privacy
Act system of records notices (SORNs)
by amending and bifurcating an existing
global routine use relating to assistance
in data breach responses, to conform
with Office of Management and Budget
(OMB) guidance to federal agencies,
OMB Memorandum 17–12.
DATES: August 8, 2018, except that the
new routine use shall be effective
September 7, 2018.
FOR FURTHER INFORMATION CONTACT: G.
Richard Gold and Alex Tang, Attorneys,
Office of the General Counsel, FTC, 600
Pennsylvania Avenue NW, Washington,
DC 20580, (202) 326–2424.
SUPPLEMENTARY INFORMATION: In a
document previously published in the
Federal Register, 83 FR 19560 (May 3,
2018), the Federal Trade Commission,
as required by the Privacy Act, sought
comments on a proposal to modify and
bifurcate an existing routine use relating
to assistance in data breach responses,
which is applicable to all Federal Trade
Commission SORNs, to conform with
OMB Memorandum M–17–12,
Preparing for and Responding to a
Breach of Personally Identifiable
Information (January 3, 2017). See 5
U.S.C. 552a(e)(4) and (11).
The comment period closed on June
4, 2018, and the FTC received three
comments to the proposal to modify and
bifurcate an existing routine use relating
to assistance in data breach responses.
The commenters were Xyampza Kerz,
Thomas Dickinson, and Dave Root.
Xyampza Kerz’s comment expressed
concerns about the privacy of
homeowner’s personal information
posted on the Web when they buy a
home and about internet searches that
allow a searcher to find out your age
and possibly lead to discrimination. M/
M. Kerz also complains about the
practices of an online entity and asks
that the entity be shut down. These are
important privacy issues but are not
SUMMARY:
E:\FR\FM\08AUN1.SGM
08AUN1
sradovich on DSK3GMQ082PROD with NOTICES
39096
Federal Register / Vol. 83, No. 153 / Wednesday, August 8, 2018 / Notices
germane to the current public notice
and comment process. We have referred
M/M. Kerz’s comment to the FTC’s
Consumer Response Center for entry
into the Consumer Sentinel Network of
complaints and related inquiries.
The second commenter, Thomas
Dickinson, also filed a comment that is
non-germane to the current public
notice and comment process. Mr.
Dickinson asks the FTC to apply a
‘‘monitor’’ to individuals’ home phones
that identifies violations of the Do-NotCall Rule and allows the FTC to take
appropriate punitive actions. We have
also referred Mr. Dickinson’s complaint
to the FTC’s Consumer Response Center
for entry into the Consumer Sentinel
Network.
The third commenter, Dave Root,
commented that ‘‘due process and . . .
[his] . . . privacy . . . [would] . . . be
harmed by open access to sharing . . .
[his] . . . personal info between all
government agencies as outlined in this
notice.’’ Mr. Root asked if there are ‘‘any
safeguards against ‘political
weaponization’ without any
accountability, by any federal, state or
local governmental agency having
access to this information.’’ Mr. Root
asked for ‘‘‘teeth’ in the rule for anyone
. . . that purposefully uses this
information incorrectly . . . [meaning]
. . . seriously enforced jail time for
anyone who fails to act in the
investigation and prosecution process.’’
The revised routine use would not
provide ‘‘open access’’ to ‘‘all
government agencies’’ but would
require that the FTC receive a request
from another Federal agency or Federal
entity that provides enough supporting
information such that the FTC can
determine that information from an FTC
Privacy Act system or systems is
reasonably necessary to assist the
recipient agency or entity in (a)
responding to a suspected or confirmed
breach or (b) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government, or national
security, resulting from a suspected or
confirmed breach.
The Privacy Act specifically provides
civil remedies, 5 U.S.C. 552a(g),
including damages, and criminal
penalties, 5 U.S.C. 552a(i), for violations
of the Act. In addition, an individual
may be fined up to $5,000 for knowingly
and willfully requesting or gaining
access to a record about an individual
under false pretenses. 5 U.S.C.
552a(i)(3).
As stated in the Federal Register
Notice dated May 3, 2018, the FTC
VerDate Sep<11>2014
22:37 Aug 07, 2018
Jkt 244001
believes that the modified and
bifurcated routine use on data breaches
is compatible with the collection of
information pertaining to individuals
affected by a breach, and that the
disclosure of such records will help
prevent, minimize or remedy a data
breach or compromise that may affect
such individuals. By contrast, the FTC
believes that failure to take reasonable
steps to help prevent, minimize or
remedy the harm that may result from
such a breach or compromise would
jeopardize, rather than promote, the
privacy of such individuals.
The FTC provided a public comment
period and notice to OMB and Congress
as required by the Privacy Act and
implementing OMB guidelines.1
Accordingly, the FTC hereby amends
Appendix I of its Privacy Act system
notices, as published at 73 FR 33591, by
revising item number (22), adding new
item number (23), and re-designating
the former item number (23) as (24)
(without any other change) at the end of
the existing routine uses set forth in that
Appendix:
*
*
*
*
*
(22) To appropriate agencies, entities,
and persons when (a) the FTC suspects
or has confirmed that there has been a
breach of the system of records; (b) the
FTC has determined that as a result of
the suspected or confirmed breach there
is a risk of harm to individuals, the FTC
(including its information systems,
programs, and operations), the Federal
Government, or national security; and
(c) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with the FTC’s efforts to
respond to the suspected or confirmed
breach or to prevent, minimize, or
remedy such harm.
(23) To another Federal agency or
Federal entity, when the FTC
determines that information from this
system of records is reasonably
necessary to assist the recipient agency
or entity in (a) responding to a
suspected or confirmed breach or (b)
preventing, minimizing, or remedying
the risk of harm to individuals, the
recipient agency or entity (including its
information systems, programs, and
operations), the Federal Government, or
national security, resulting from a
suspected or confirmed breach.
(24) May be disclosed to FTC
contractors, volunteers, interns or other
authorized individuals who have a need
for the record in order to perform their
officially assigned or designated duties
for or on behalf of the FTC.
1 See U.S.C. 552a(e)(11) and 552a(r); OMB
Circular A–108 (2016).
PO 00000
Frm 00056
Fmt 4703
Sfmt 4703
HISTORY
73 FR 33591–33634 (June 12, 2008).
By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. 2018–16935 Filed 8–7–18; 8:45 am]
BILLING CODE 6750–01–P
FEDERAL TRADE COMMISSION
Agency Information Collection
Activities; Proposed Collection;
Comment Request
Federal Trade Commission
(‘‘FTC’’ or ‘‘Commission’’).
ACTION: Notice.
AGENCY:
The FTC intends to ask the
Office of Management and Budget
(‘‘OMB’’) to extend for an additional
three years the current Paperwork
Reduction Act (‘‘PRA’’) clearance for the
information collection requirements in
the FTC Red Flags, Card Issuers, and
Address Discrepancies Rules 1
(‘‘Rules’’). That clearance expires on
November 30, 2018.
DATES: Comments must be submitted by
October 9, 2018.
ADDRESSES: Interested parties may file a
comment online or on paper by
following the instructions in the
Request for Comment part of the
SUPPLEMENTARY INFORMATION section
below. Write ‘‘Red Flags Rule, PRA
Comment, Project No. P095406’’ on your
comment. File your comment online at
https://ftcpublic.commentworks.com/
ftc/RedFlagsPRA by following the
instructions on the web-based form. If
you prefer to file your comment on
paper, mail your comment to the
following address: Federal Trade
Commission, Office of the Secretary,
600 Pennsylvania Avenue NW, Suite
CC–5610 (Annex J), Washington, DC
20580, or deliver your comment to the
following address: Federal Trade
Commission, Office of the Secretary,
Constitution Center, 400 7th Street SW,
5th Floor, Suite 5610 (Annex J),
Washington, DC 20024.
FOR FURTHER INFORMATION CONTACT:
Requests for additional information
should be addressed to Mark Eichorn,
Assistant Director, Division of Privacy
and Identity Protection, Bureau of
Consumer Protection, (202) 326–3053,
Federal Trade Commission, 600
Pennsylvania Avenue NW, Washington,
DC 20580.
SUMMARY:
1 16 CFR 681.1 (Duties regarding the detection,
prevention, and mitigation of identity theft); 16 CFR
681.2 (Duties of card issuers regarding changes of
address); 16 CFR 641.1 (Duties of users of consumer
reports regarding address discrepancies).
E:\FR\FM\08AUN1.SGM
08AUN1

Agencies

[Federal Register Volume 83, Number 153 (Wednesday, August 8, 2018)]
[Notices]
[Pages 39095-39096]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-16935]
=======================================================================
-----------------------------------------------------------------------
FEDERAL TRADE COMMISSION
Privacy Act of 1974; System of Records
AGENCY: Federal Trade Commission (FTC).
ACTION: Notice of modified systems of records.
-----------------------------------------------------------------------
SUMMARY: The FTC is publishing in final form a modification to all FTC
Privacy Act system of records notices (SORNs) by amending and
bifurcating an existing global routine use relating to assistance in
data breach responses, to conform with Office of Management and Budget
(OMB) guidance to federal agencies, OMB Memorandum 17-12.
DATES: August 8, 2018, except that the new routine use shall be
effective September 7, 2018.
FOR FURTHER INFORMATION CONTACT: G. Richard Gold and Alex Tang,
Attorneys, Office of the General Counsel, FTC, 600 Pennsylvania Avenue
NW, Washington, DC 20580, (202) 326-2424.
SUPPLEMENTARY INFORMATION: In a document previously published in the
Federal Register, 83 FR 19560 (May 3, 2018), the Federal Trade
Commission, as required by the Privacy Act, sought comments on a
proposal to modify and bifurcate an existing routine use relating to
assistance in data breach responses, which is applicable to all Federal
Trade Commission SORNs, to conform with OMB Memorandum M-17-12,
Preparing for and Responding to a Breach of Personally Identifiable
Information (January 3, 2017). See 5 U.S.C. 552a(e)(4) and (11).
The comment period closed on June 4, 2018, and the FTC received
three comments to the proposal to modify and bifurcate an existing
routine use relating to assistance in data breach responses. The
commenters were Xyampza Kerz, Thomas Dickinson, and Dave Root. Xyampza
Kerz's comment expressed concerns about the privacy of homeowner's
personal information posted on the Web when they buy a home and about
internet searches that allow a searcher to find out your age and
possibly lead to discrimination. M/M. Kerz also complains about the
practices of an online entity and asks that the entity be shut down.
These are important privacy issues but are not
[[Page 39096]]
germane to the current public notice and comment process. We have
referred M/M. Kerz's comment to the FTC's Consumer Response Center for
entry into the Consumer Sentinel Network of complaints and related
inquiries.
The second commenter, Thomas Dickinson, also filed a comment that
is non-germane to the current public notice and comment process. Mr.
Dickinson asks the FTC to apply a ``monitor'' to individuals' home
phones that identifies violations of the Do-Not-Call Rule and allows
the FTC to take appropriate punitive actions. We have also referred Mr.
Dickinson's complaint to the FTC's Consumer Response Center for entry
into the Consumer Sentinel Network.
The third commenter, Dave Root, commented that ``due process and .
. . [his] . . . privacy . . . [would] . . . be harmed by open access to
sharing . . . [his] . . . personal info between all government agencies
as outlined in this notice.'' Mr. Root asked if there are ``any
safeguards against `political weaponization' without any
accountability, by any federal, state or local governmental agency
having access to this information.'' Mr. Root asked for ```teeth' in
the rule for anyone . . . that purposefully uses this information
incorrectly . . . [meaning] . . . seriously enforced jail time for
anyone who fails to act in the investigation and prosecution process.''
The revised routine use would not provide ``open access'' to ``all
government agencies'' but would require that the FTC receive a request
from another Federal agency or Federal entity that provides enough
supporting information such that the FTC can determine that information
from an FTC Privacy Act system or systems is reasonably necessary to
assist the recipient agency or entity in (a) responding to a suspected
or confirmed breach or (b) preventing, minimizing, or remedying the
risk of harm to individuals, the recipient agency or entity (including
its information systems, programs, and operations), the Federal
Government, or national security, resulting from a suspected or
confirmed breach.
The Privacy Act specifically provides civil remedies, 5 U.S.C.
552a(g), including damages, and criminal penalties, 5 U.S.C. 552a(i),
for violations of the Act. In addition, an individual may be fined up
to $5,000 for knowingly and willfully requesting or gaining access to a
record about an individual under false pretenses. 5 U.S.C. 552a(i)(3).
As stated in the Federal Register Notice dated May 3, 2018, the FTC
believes that the modified and bifurcated routine use on data breaches
is compatible with the collection of information pertaining to
individuals affected by a breach, and that the disclosure of such
records will help prevent, minimize or remedy a data breach or
compromise that may affect such individuals. By contrast, the FTC
believes that failure to take reasonable steps to help prevent,
minimize or remedy the harm that may result from such a breach or
compromise would jeopardize, rather than promote, the privacy of such
individuals.
The FTC provided a public comment period and notice to OMB and
Congress as required by the Privacy Act and implementing OMB
guidelines.\1\
---------------------------------------------------------------------------
\1\ See U.S.C. 552a(e)(11) and 552a(r); OMB Circular A-108
(2016).
---------------------------------------------------------------------------
Accordingly, the FTC hereby amends Appendix I of its Privacy Act
system notices, as published at 73 FR 33591, by revising item number
(22), adding new item number (23), and re-designating the former item
number (23) as (24) (without any other change) at the end of the
existing routine uses set forth in that Appendix:
* * * * *
(22) To appropriate agencies, entities, and persons when (a) the
FTC suspects or has confirmed that there has been a breach of the
system of records; (b) the FTC has determined that as a result of the
suspected or confirmed breach there is a risk of harm to individuals,
the FTC (including its information systems, programs, and operations),
the Federal Government, or national security; and (c) the disclosure
made to such agencies, entities, and persons is reasonably necessary to
assist in connection with the FTC's efforts to respond to the suspected
or confirmed breach or to prevent, minimize, or remedy such harm.
(23) To another Federal agency or Federal entity, when the FTC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (a) responding to
a suspected or confirmed breach or (b) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
(24) May be disclosed to FTC contractors, volunteers, interns or
other authorized individuals who have a need for the record in order to
perform their officially assigned or designated duties for or on behalf
of the FTC.
History
73 FR 33591-33634 (June 12, 2008).
By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. 2018-16935 Filed 8-7-18; 8:45 am]
BILLING CODE 6750-01-P